from the take-a-stand dept

Swedish ISP Bahnhof has long been a supporter of keeping its customers' data private. Five years ago, we wrote about its decision to delete user log files to avoid having to rat out users under Sweden's draconian IPRED law (which required ISPs to hand over info on users accused of copyright infringement). However, various data retention laws were put in place to stop that sort of thing two years ago. So, it's not too surprising that, following the ruling this week in the EU Court of Justice that found the EU's data retention directive invalid, the ISP has acted swiftly to delete all user records and to cease collecting and retaining any more information.

After the decision in the European Court of Justice on Tuesday, the internet service provider Bahnhof decided to delete the records and to stop retaining the data with immediate effect.

That said, it may be a bit hasty for Bahnhof to have done this. As many people noted in response to the EU Court of Justice ruling, it was only ruling on the EU directive itself, and didn't directly apply to various laws passed in different countries to comply with that directive. Technically, those laws still apply -- and Swedish Justice Minister Beatrice Ask seems to imply that Bahnhof's decision broke the law.

But the minister is not pleased about Bahnhof's decision to stop all data retention immediately. "Swedish law still applies. It is not the case that you can start applying other conditions straight away. But of course we need to quickly consider what the consequences are so that everybody can get the right information," she said.

Still, it's nice to see Bahnhof, once again, make it clear that it doesn't want to be the custodian of information for law enforcement.

from the and-so-it-goes dept

There's been plenty of attention paid to Sweden's new IPRED law, which requires ISPs to hand over identifying information on those accused of file sharing -- but we've already noted that all the law is really doing is driving people to alternatives, such as encryption. And, now, it appears that even ISPs are recognizing that it just makes good business sense to better protect their users. Broadband Reports points out that a Swedish ISP, Bahnhof, has started destroying its own log files, rather than hand them over to authorities. The company's CEO notes that nothing in the law requires ISPs to keep log files -- but only to turn over what info has been retained. It seems likely that Bahnhof may have just convinced a bunch of folks to see if they can sign up for new broadband from the company. Any bets on how long it takes Sweden to pass a new law requiring ISPs to retain data for a certain period of time? Even the CEO admits that's likely -- but notes that it will show this is nothing more than a witch hunt by the entertainment industry:

"And then the legislators will have to step up and say they want to have data storage, not to catch terrorists but to help record companies and the movie industry in the hunt for file sharers."